ClickUp is a breakout leader across every G2 category, positioned for rapid growth. They are hiring a Senior Security Engineer, AppSec to join a newly formed security team that partners closely with existing engineering groups to develop and share technology focused on security capabilities and incident response tools.
Responsibilities:
- Design and implement security features and protective measures that safeguard the full ClickUp platform
- Conduct threat modeling, security testing, and implementation reviews; evaluate requirements and architectural designs
- Develop tools that support prevention, detection, and response efforts across the entire SDLC—from code and testing through deployment and operations
- Integrate with engineering and product teams, serving as a 'security player-coach'
- Create and enhance security automation within the ClickUp platform; build secure-by-default infrastructure and application patterns
- Monitor and assess production security events and provide detailed incident analysis when required
- Collaborate with engineers, product managers, data engineers, operators, and fellow security team members to help deliver a secure product
Requirements:
- Several years of experience in technology or software engineering
- Experience with Angular, Node.js, and PostgreSQL, or comparable technologies
- Ability to recognize and provide initial assessments of security risks
- Solid understanding of common security challenges and the ability to recommend secure design solutions
- Experience working in cloud and SaaS environments
- Ability to mentor team members on technical subjects, including security topics
- Experience leading technical initiatives, including team, project, or indirect technology leadership
- Skilled at facilitating collaborative discussions rather than directing them
- 5+ years of software development experience, including at least 1 year focused on security
- Familiarity with security tooling such as SAST, DAST, RASP, dependency scanning tools, and SIEM platforms
- At least 2 years of experience with AWS, including IAM and least-privilege design principles